General
Target: b8d4df828329617507370def0687c4f7_JaffaCakes118
Size: 380KB
Sample: 240617-qmdfgaselg
MD5: b8d4df828329617507370def0687c4f7
SHA1: aaa0553b099e1922410546fc20a706a8b35105e3
SHA256: f7e176e4c11cb65abd71661f0cb5a86be25671cc0d9aef401fc3944abd94432e
SHA512: 031402a347206d7f21c822e9daa70fd163688881a34bded71c11509f792017f25f1ac0ab8bd2fcac1610eca826f1dec187ffad1bc3936d2fae282c7c904df2f5
SSDEEP: 6144:r9ye34pytIcTiwOUANV+sZzYebci8OAQDmokHSQdE9VCaqtcCukuCt:k04pKiYQ+AYegi8OLqcQdElCukum
Static task: static1
Behavioral task: behavioral1
  Sample: PO-98799.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: PO-98799.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: SMTP.yandex.com
Port: 587
Username: [email protected]
Password: GOOD123456
Targets
Target: PO-98799.exe
Size: 432KB
MD5: 31ba58073b33dbad4418fc2006353694
SHA1: d202681de59bffbe82ae541dc88585980bfdcf5d
SHA256: e5591234e562907478a03882422de2e5ec87869f1388eaecfa6fb39bb0cc331e
SHA512: f175dca7685e830955d08b424fe3b29ad54987cc941164bda45d9aa5e7c8589e01170721a54c58f2e8185d856bcdb526df99ff46938a41fc16ac42ed5ac4826f
SSDEEP: 6144:SNgQMvWDrccHgFJYOxixi2K1pNS0WTEhjLT5S1tqJtfdoT763BvTRG7brk:SNXgDeiHTS0omP9S1YNoT+li
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext